Security Advisory

CVE-2007-0626

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2007-01-31 18:00:00

Last updated 2024-08-07 12:26:54

Assigner mitre

State PUBLISHED

Description

The comment_form_add_preview function in comment.module in Drupal before 4.7.6, and 5.x before 5.1, and vbDrupal, allows remote attackers with "post comments" privileges and access to multiple input filters to execute arbitrary code by previewing comments, which are not processed by "normal form validation routines."

← Browse all CVEs View on cve.org ↗